Re: courier-ldap: userPassword with and without {crypt} [patch]
On Thu, 31 May 2001, Russell Coker wrote:
> > This is my patch for autodetection crypted password. The same behaviour
> > has pam_ldap.so module.
>
> Good work, that's a necessary feature.
>
> But doesn't Courier support password authentication by binding to the LDAP?
>
> When configuring LDAP I prefer to have applications chech the passwork by
> binding, this way things can be configured so that the application lacks read
> privs to the userPassword attribute and thus if a hostile user gets that
> level of access they can't do anything other than a brute-force attack.
As far as I read the source, you should set the LDAP_AUTHBIND variable.
Of course, this method should require more resources than checking by
courier itself.
--
Piotr Roszatycki, Netia Telekom S.A. .''`.
mailto:Piotr_Roszatycki@netia.net.pl : :' :
mailto:dexter@debian.org `. `'
`-
Reply to: